diff mbox series

[meta-oe,scarthgap,1/1] unixodbc: Fix CVE-2024-1013

Message ID 20240607124219.3646766-1-soumya.sambu@windriver.com
State Accepted
Headers show
Series [meta-oe,scarthgap,1/1] unixodbc: Fix CVE-2024-1013 | expand

Commit Message

ssambu June 7, 2024, 12:42 p.m. UTC 
From: Soumya Sambu <soumya.sambu@windriver.com>

An out-of-bounds stack write flaw was found in unixODBC on 64-bit
architectures where the caller has 4 bytes and callee writes 8 bytes.
This issue may go unnoticed on little-endian architectures, while
big-endian architectures can be broken.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-1013

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
 .../unixodbc/files/CVE-2024-1013.patch        | 53 +++++++++++++++++++
 .../unixodbc/unixodbc_2.3.12.bb               |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch

Comments

Khem Raj June 7, 2024, 2:09 p.m. UTC | #1 
On Fri, Jun 7, 2024 at 5:42 AM Soumya via lists.openembedded.org
<soumya.sambu=windriver.com@lists.openembedded.org> wrote:
>
> From: Soumya Sambu <soumya.sambu@windriver.com>
>
> An out-of-bounds stack write flaw was found in unixODBC on 64-bit
> architectures where the caller has 4 bytes and callee writes 8 bytes.
> This issue may go unnoticed on little-endian architectures, while
> big-endian architectures can be broken.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2024-1013
>
> Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
> ---
>  .../unixodbc/files/CVE-2024-1013.patch        | 53 +++++++++++++++++++
>  .../unixodbc/unixodbc_2.3.12.bb               |  1 +
>  2 files changed, 54 insertions(+)
>  create mode 100644 meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
>

This seems applicable to master branch as well. If that's the case
then test and send patches for the master branch first.
and then send a backport patch for release branches.

> diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
> new file mode 100644
> index 000000000..688446545
> --- /dev/null
> +++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
> @@ -0,0 +1,53 @@
> +From 76beb0938ef14276123996bfd99df23b0c7f0982 Mon Sep 17 00:00:00 2001
> +From: Soumya Sambu <soumya.sambu@windriver.com>
> +Date: Fri, 7 Jun 2024 11:10:46 +0000
> +Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types
> +
> +These result in out-of-bounds stack writes on 64-bit architectures
> +(caller has 4 bytes, callee writes 8 bytes), and seem to have gone
> +unnoticed on little-endian architectures (although big-endian
> +architectures must be broken).
> +
> +This change is required to avoid a build failure with GCC 14.
> +
> +CVE: CVE-2024-1013
> +
> +Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1]
> +
> +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
> +---
> + Drivers/Postgre7.1/info.c | 6 +++---
> + 1 file changed, 3 insertions(+), 3 deletions(-)
> +
> +diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
> +index 63ac91f..2216ecd 100644
> +--- a/Drivers/Postgre7.1/info.c
> ++++ b/Drivers/Postgre7.1/info.c
> +@@ -1779,14 +1779,14 @@ char *table_name;
> + char index_name[MAX_INFO_STRING];
> + short fields_vector[8];
> + char isunique[10], isclustered[10];
> +-SDWORD index_name_len, fields_vector_len;
> ++SQLLEN index_name_len, fields_vector_len;
> + TupleNode *row;
> + int i;
> + HSTMT hcol_stmt;
> + StatementClass *col_stmt, *indx_stmt;
> + char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
> + char **column_names = 0;
> +-Int4 column_name_len;
> ++SQLLEN column_name_len;
> + int total_columns = 0;
> + char error = TRUE;
> + ConnInfo *ci;
> +@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
> + StatementClass *tbl_stmt;
> + char tables_query[STD_STATEMENT_LEN];
> + char attname[MAX_INFO_STRING];
> +-SDWORD attname_len;
> ++SQLLEN attname_len;
> + char pktab[MAX_TABLE_LEN + 1];
> + Int2 result_cols;
> +
> +--
> +2.40.0
> diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb
> index 7819387c3..dfad833e0 100644
> --- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb
> +++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb
> @@ -11,6 +11,7 @@ DEPENDS = "libtool readline"
>  SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \
>             file://do-not-use-libltdl-source-directory.patch \
>             file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \
> +           file://CVE-2024-1013.patch \
>  "
>  SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec"
>
> --
> 2.40.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#110766): https://lists.openembedded.org/g/openembedded-devel/message/110766
> Mute This Topic: https://lists.openembedded.org/mt/106541920/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
new file mode 100644
index 000000000..688446545
--- /dev/null
+++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch
@@ -0,0 +1,53 @@ 
+From 76beb0938ef14276123996bfd99df23b0c7f0982 Mon Sep 17 00:00:00 2001
+From: Soumya Sambu <soumya.sambu@windriver.com>
+Date: Fri, 7 Jun 2024 11:10:46 +0000
+Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types
+
+These result in out-of-bounds stack writes on 64-bit architectures
+(caller has 4 bytes, callee writes 8 bytes), and seem to have gone
+unnoticed on little-endian architectures (although big-endian
+architectures must be broken).
+
+This change is required to avoid a build failure with GCC 14.
+
+CVE: CVE-2024-1013
+
+Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ Drivers/Postgre7.1/info.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
+index 63ac91f..2216ecd 100644
+--- a/Drivers/Postgre7.1/info.c
++++ b/Drivers/Postgre7.1/info.c
+@@ -1779,14 +1779,14 @@ char *table_name;
+ char index_name[MAX_INFO_STRING];
+ short fields_vector[8];
+ char isunique[10], isclustered[10];
+-SDWORD index_name_len, fields_vector_len;
++SQLLEN index_name_len, fields_vector_len;
+ TupleNode *row;
+ int i;
+ HSTMT hcol_stmt;
+ StatementClass *col_stmt, *indx_stmt;
+ char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
+ char **column_names = 0;
+-Int4 column_name_len;
++SQLLEN column_name_len;
+ int total_columns = 0;
+ char error = TRUE;
+ ConnInfo *ci;
+@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
+ StatementClass *tbl_stmt;
+ char tables_query[STD_STATEMENT_LEN];
+ char attname[MAX_INFO_STRING];
+-SDWORD attname_len;
++SQLLEN attname_len;
+ char pktab[MAX_TABLE_LEN + 1];
+ Int2 result_cols;
+
+--
+2.40.0
diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb
index 7819387c3..dfad833e0 100644
--- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb
+++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.12.bb
@@ -11,6 +11,7 @@  DEPENDS = "libtool readline"
 SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \
            file://do-not-use-libltdl-source-directory.patch \
            file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \
+           file://CVE-2024-1013.patch \
 "
 SRC_URI[sha256sum] = "f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec"